The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The tale of LulzSec  two admits targeting websites Two British members of the notorious Lulz Security hacking collective have pleaded guilty to a slew of computer crimes, in the latest blow against online troublemakers whose exploits have grabbed headlines and embarrassed governments around the world. LulzSec members Ryan Cleary , 20, and Jake Davis , 19, pleaded guilty in a London court to launching distributed denial of service (DDoS) attacks last year against several targets, including the CIA, the Arizona State Police, PBS, Sony, Nintendo, 20th Century Fox, News International and the U.K.'s Serious Organized Crime Agency and National Health Service Ryan Cleary is from Essex, United Kingdom who was arrested by Metropolitan Police on June 21 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977. He was accused of being a member of LulzSec but was not a member of the said group although he admitted that he did run one of the IRC channels that t...

RSA SecurIDs Get Cracked In 13 Minutes Major corporations, government agencies, and small businesses all hand out RSA SecurID fob keychains to employees so that they can log in to their systems for security reasons and If you're used to seeing a device like this on a daily basis, you probably assume that it's a vital security measure to keep your employer's networks and data secure. A team of computer scientists beg to differ, however, because they've cracked the encryption it uses wide open. In a paper called " Efficient padding oracle attacks on cryptographic hardware ," researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard. They managed to develop an approach that requires just 13 minutes to crack the device's encryption. RSA Security, a division of the data storage company EMC, is one of the l...

Drones can be hijacked by terrorist , Researchers says Vulnerability Exist Fox News is reporting that researchers say that terrorists or drug gangs, with the right kind of equipment could turn the drones into "suicide" weapons. A University of Texas researcher illustrated that fact in a series of test flights recently, showing that GPS "spoofing" could cause a drone to veer off its course and even purposely crash. This is particularly worrisome, given that the US is looking to grant US airspace to drones for domestic jobs including police surveillance or even FedEx deliveries In other words, with the right equipment, anyone can take control of a GPS-guided drone and make it do anything they want it to. Spoofers are a much more dangerous type of technology because they actually mimic a command by the GPS system and convince the drone it is receiving new coordinates. With his device what Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000) he was...

PayPal will Pay Security Researchers for finding Vulnerabilities Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner. If you manage to find a security flaw in any of PayPal's products, you may be entitled to a cash reward. " I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program, " PayPal's Chief Information Security Officer Michael Barrett said in a  blog post  on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering. PayPal plans to categorize reported bugs into one of four categories: XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), SQL Injection or Authentication Bypass  Researchers need to have a verified PayPal account in order to receive the monetary rewards. " I original...

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat Apple has quietly removed a statement from its website that the Mac operating system isn't susceptible to viruses. Apple released a patch to a Java vulnerability that lead to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year, there were claims weeks later from security researchers that hundreds of thousands of Macs were still infected. Apple is one of the single software companies that hasn't really faced the problem of viruses, for years claiming their operating system is the most secure among all. The specific language about the operating system, " It doesn't get PC viruses " was replaced with " It's built to be safe. " But now, Apple may be taking security threats more seriously. Apple is introducing a new app security measure called Gatekeeper in the upcoming release of Mountain Lion, the latest version of Mac OS X. The majority of malware might still be floating around ...